TLUG Mailing List

Mailing List Archive
Support open source code!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: canna port security

To: tlug@example.com

Subject: Re: canna port security

From: Joss Winn <joss@example.com>

Date: Tue, 22 May 2001 18:03:29 +0900

Content-Disposition: inline

Content-Type: text/plain; charset=us-ascii

In-Reply-To: <200105220823.f4M8Nlh29223@example.com>; from tlug-digest-request@example.com on Tue, May 22, 2001 at 05:23:47PM +0900

References: <200105220823.f4M8Nlh29223@example.com>

Reply-To: tlug@example.com

Resent-From: tlug@example.com

Resent-Message-ID: <po38ND.A.4LH.7xiC7@example.com>

Resent-Sender: tlug-request@example.com

User-Agent: Mutt/1.3.12i
On Tue, May 22, 2001 at 05:23:47PM +0900, tlug-digest-request@example.com wrote:

> Date: Mon, 21 May 2001 23:28:47 -0400
> To: tlug@example.com
> From: John Seebach <jseebach@example.com>
> Subject: Re: canna port security
> 
> On Mon, May 21, 2001 at 10:02:23PM +0900, Joss Winn wrote:
> > Hello,
> > 
> > I noticed that one of the ports listed as open on my machine is the
> > canna port.  Is there any way to close this port to scannners like
> > nmap and still have it function for me as a user on my home machine.
> > I am not providing services to anyone but myself.
> 
> 
> $ man cannaserver
> $ man cshost
> 
> The easy answer is that /etc/hosts.canna ought to contain something
> like this:
> 
> unix
> localhost
> 
> I don't have another machine handy at the moment from which to
> portscan this one, and since I allow this machine to connect to its
> own cannaserver, I can't tell you how the port (5680, I belive) looks
> to the outside world.
> 
> There was a security issue reported a while ago, involving a buffer
> overflow that could allow remote users to get root by connecting to
> the cannaserver. You might want to look into this if you're concerned
> about this sort of thing. I'm using a debian package that claims to
> have fixed this, but I haven't delved really closely into whether or
> not this involved fixing the problem or simply changing the default
> so that remote users weren't allowed to connect. Someone who knows
> more than I will have to help you with that one.
> 
> 
> -- 
> john seebach           ~   "Suppose you were an idiot. And suppose you were
> jseebach@example.com  ~   a member of Congress. But I repeat myself."
>                        ~   -- Mark Twain

Thanks, John.  

I'd already tried that and still the port is open.
There was no /etc/hosts.cannna file so I created one. No joy though.

I get this from cshost:

Connected to unix
access control enabled
HOST NAME:localhost
ALL USER

HOST NAME:unix
ALL USER

but nmap still shows the port open on 5680

cheers
Joss
-- 
http://www.josswinn.org
Follow-Ups:

Re: canna port security
From: B0Ti <9915104t@example.com>

Re: canna port security
From: Marc Christensen <marc@example.com>

Prev by Date: Re: Mini-nomikai Friday

Next by Date: Re: Mini-nomikai Friday

Prev by thread: Re: canna port security

Next by thread: Re: canna port security

Index(es):

Date

Thread

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links